Agent for SharePoint Guide › Upgrade Your CA SiteMinder® Agent for SharePoint › Upgrades

Upgrades

Upgrading your CA SiteMinder® Agent for SharePoint from a previous version to 12.52 SP1 involves installing the new version of the software on your existing components.

Note: The upgraded product uses any existing SharePoint connection and the trusted identity provider from your previous version. You do not have to re-create these items. Associate the upgraded claims provider with your existing trusted identity provider.

Follow these steps:

1. Install the new version of the agent using one of the following procedures:
   • Upgrade the agent on Windows operating environments.
   • Upgrade the agent on UNIX operating environments.
2. Install the new version of the claims provider on your SharePoint central administration servers.
3. Confirm the name of your existing trusted identity provider.
4. Associate your existing trusted identity provider with the new claims provider.
5. Update your SSL configuration.
6. Repeat Steps 1 through 5 for any other components running the CA SiteMinder® Agent for SharePoint.

Install the New Version of the Agent

The first step of the upgrade process is installing the new version of the Agent. Pick the appropriate procedure for your operating environment from the following list:

• Upgrade the agent on Windows operating environments.
• Upgrade the agent on UNIX operating environments.

Upgrade the agent on Windows Operating Environments

Installing a new version of the agent upgrades the product from the previous version.

The default installation location for the agent on 32-bit Windows operating environments is: C:\Program Files\CA\Agent-for-SharePoint. On 64-bit Windows operating environments, the default installation location is C:\CA\Agent-for-SharePoint.

Important! The CA SiteMinder® Agent for SharePoint cannot be installed on a computer that hosts any other web server. The CA SiteMinder® Agent for SharePoint operates as a stand-alone proxy-based solution.

To run the agent installer on Windows operating environments, you need local Administrator privileges.

Note: We recommend installing the agent on an NTFS file-system partition.

Follow these steps:

1. Copy the installation program from the Download location on the CA Support site.
2. Right-click the following executable, and then select Run as administrator:

   ca-sp2010agent-version-operating_environment.exe

   The installation program starts.

3. Follow the instructions from the installation wizard.

   Note: The installer displays all Java executables that are installed in the system. Pick a Java component and version that is equal to or greater than the one shown by the installer. If the installer does not detect any Java executables by default, then browse and select the appropriate path. For more information about the required Java executables or other third-party software requirements, see the platform support matrix.

4. Restart your system after the installation finishes.
5. Continue with the next step of installing the new version of the claims provider.

Upgrade the Agent on UNIX Operating Environments

Installing a new version of the agent upgrades the product from the previous version.

The default installation location is user_home/CA/Agent-for-SharePoint. The folder where you install the agent requires sufficient permissions (755). Do not install the agent under the /root folder, because its default permissions (750) are insufficient.

Important! The CA SiteMinder® Agent for SharePoint cannot be installed on a computer that hosts any other web server. The CA SiteMinder® Agent for SharePoint operates as a stand-alone proxy-based solution.

Note: On the Solaris or Linux operating environments, the agent runs under the "nobody" user account. If you prefer not to run the agent under this user account, create an alternate user and assign the necessary permissions. Do not run this program as a root user.

Follow these steps:

1. Copy the appropriate file for your operating environment from the download location on the CA Support site to a temporary directory:
   • Solaris operating environment: ca-sp2010agent-version-sol.bin
   • Linux operating environment: ca-sp2010agent-version-linux.exe
2. Enter the appropriate command for your operating environment from the following list:
   • Solaris: sh ./ca-sp2010agent-version-sol.bin
   • Linux: sh ./ca-sp2010agent-version-linux.exe
3. Follow the prompts that the installation wizard provides.

   Note: The installer displays all Java executables that are installed in the system. Pick a Java component and version that is equal to or greater than the one shown by the installer. If the installer does not detect any Java executables by default, then browse and select the appropriate path. For more information about the required Java executables or other third-party software requirements, see the platform support matrix.

4. Continue with the next step of installing the new version of the claims provider.

Install the New Version of the Claims Provider on Your SharePoint Central Administration Servers

The next step of the upgrade process is installing a new version of the claims provider on your SharePoint central administration server. This installation upgrades the claims provider from the previous version.

The default installation location is user_home/CA/Agent-for-SharePoint. The folder where you install the agent requires sufficient permissions (755). Do not install the agent under the /root folder, because its default permissions (750) are insufficient.

Important! The CA SiteMinder® Agent for SharePoint cannot be installed on a computer that hosts any other web server. The CA SiteMinder® Agent for SharePoint operates as a stand-alone proxy-based solution.

Note: On the Solaris or Linux operating environments, the agent runs under the "nobody" user account. If you prefer not to run the agent under this user account, create an alternate user and assign the necessary permissions. Do not run this program as a root user.

Follow these steps:

1. Copy the appropriate file for your operating environment from the download location on the CA Support site to a temporary directory:
   • Solaris operating environment: ca-sp2010agent-version-sol.bin
   • Linux operating environment: ca-sp2010agent-version-linux.exe
2. Enter the appropriate command for your operating environment from the following list:
   • Solaris: sh ./ca-sp2010agent-version-sol.bin
   • Linux: sh ./ca-sp2010agent-version-linux.exe
3. Follow the prompts that the installation wizard provides.

   Note: The installer displays all Java executables that are installed in the system. Pick a Java component and version that is equal to or greater than the one shown by the installer. If the installer does not detect any Java executables by default, then browse and select the appropriate path. For more information about the required Java executables or other third-party software requirements, see the platform support matrix.

Confirm the Name of Your Existing Trusted Identity Provider

Confirm the name of your existing trusted identity provider before associating it with your upgraded claims provider.

Follow these steps:

1. Log on to the computer hosting your SharePoint central administration server.
2. Click Start, All Programs, Microsoft SharePoint 2010 Products, the SharePoint 2010 Management Shell.
3. Enter the following command;

   Get-SPTrustedIdentityTokenIssuer
   

   The name of your existing trusted identity provider appears. This provider is the one which you want to associate with your upgraded claims provider.

4. Continue with the next step of associating your existing trusted identity provider with the upgraded claims provider.

Associate Your Existing Trusted Identity Provider with the Upgraded Claims Provider

The next step of upgrading is associating the trusted identity provider with the upgraded claims provider.

Note: The upgraded product uses any existing SharePoint connection and the trusted identity provider from your previous version. You do not have to re-create these items. Associate the upgraded claims provider with your existing trusted identity provider.

The Update-SMTrustedIdentityTokenIssuer command updates the claims provider of a trusted identity token issuer to CASiteMinderClaimProvider.

Follow these steps:

1. Click Start, All Programs, Microsoft SharePoint 2010 Products, the SharePoint 2010 Management Shell.

   The SharePoint 2010 Management Shell command prompt appears.

2. Navigate to the following directory:

    C:\Program Files\CA\SharePointClaimsProvider\scripts
   

3. Enter the update command. This command has the following format:

   Update-SMTrustedIdentityTokenIssuer.ps1 -TrustedIdentityTokenIssuer “Name_of_Trusted_Identity_Provider_registered_with_SharePoint”
   

   TrustedIdentityTokenIssuer

   Specifies the name of the CA SiteMinder® trusted identity token issuer (trusted login provider) to update.

   Example:

   .\Update-SMTrustedIdentityTokenIssuer.ps1 -TrustedIdentityTokenIssuer “SiteMinder Federation”
   

   The SharePoint central administration server is updated with the new claims provider of the trusted identity token issuer.

Update the spsapachessl.properties File

Update the spsapachessl.properties file after upgrading the agent.

Do one of the following procedures, as appropriate:

• Generate an spsapachessl.properties file for an unencrypted private key on Windows
• Update the spsapachessl.properties file for an unencrypted private key on UNIX
• Generate an spsapachessl.properties file for an encrypted private key

Generate an spsapachessl.properties File for an Unencrypted Private Key on Windows

Generate an updated spsapachessl.properties file for an unencrypted private key on Windows.

Follow these steps:

1. Open a command-line window with administrative privileges.
   Navigate to the following directory:

   Agent-for-SharePoint_home\httpd\bin
   

2. Run the following command:

   configssl.bat -enable
   

   Note: If an overwrite warning appears, confirm that you want to overwrite the existing spsapachessl.properties file.

The spsapachessl.properties file is generated.

Update the spsapachessl.properties File for an Unencrypted Private Key on UNIX

Update the existing spsapachessl.properties file for an unencrypted private key after upgrading the Agent on UNIX. The spsapachessl.properties is located in the following location:

Agent-for-Sharepoint_home/httpd/conf/spsapachessl.properties

Follow these steps:

1. Open the spsapachessl.properties file in a text editor.
2. Search for the following line:

   apache.ssl.enabled=
   

3. Do one of the following tasks:
   • If the previous line does not exist, add it to the file. Then go to step 4.
   • If the previous line exists, go to Step 4.
4. Confirm that the value after the equal sign matches the setting that you want. Use the following examples:

   apache.ssl.enabled=Y
   

   apache.ssl.enabled=N
   

5. For example, if you were using SSL before your upgrade, verify that the value after the equal sign is Y.
6. Save the changes to the spsapachessl.properties file and close the text editor.

Generate an spsapachessl.properties File for an Encrypted Private Key

Generate an updated spsapachessl.properties file for an encrypted private key.

Follow these steps:

1. Open a command-line window with administrative privileges.
   Navigate to the following directory:
   • (Windows) Agent-for-SharePoint_home\httpd\bin
   • (UNIX) Agent-for-SharePoint_home/httpd/bin
2. Run one of the following script files:
   • (Windows) configssl.bat -enable passphrase
   • (UNIX) configssl.sh passphrase

   Note: If an overwrite warning appears, confirm that you want to overwrite the existing spsapachessl.properties file.

The spsapachessl.properties file is generated.